
769 matches found

Veracode
added 2023/08/06 11:23 p.m. · 31 views

Spoofing Attack

Chromium is vulnerable to a spoofing attack. The vulnerability exists due to an inappropriate implementation in URL Formatting of the library, allowing an attacker to perform domain spoofing via a maliciously crafted HTML page...

CVSS 6.5 · AI score 6.5 · EPSS 0.0048
Exploits 1 · References 5 · Affected Software 1

NVD
added 2023/07/29 12:15 a.m. · 37 views

CVE-2022-4915

Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.5 · AI score 6 · EPSS 0.0048
Exploits 1 · References 4

OSV
added 2023/07/29 12:15 a.m. · 2 views

DEBIAN-CVE-2022-4915

Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.5 · AI score 6.3 · EPSS 0.0048
Exploits 1 · References 1

Prion
added 2023/07/29 12:15 a.m. · 25 views

Design/Logic Flaw

Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3 · AI score 6.1 · EPSS 0.0048
Exploits 1 · References 4 · Affected Software 1

UbuntuCve
added 2023/07/29 12:15 a.m. · 35 views

CVE-2022-4915

Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.5 · AI score 6.6 · EPSS 0.0048
Exploits 1 · References 3

Cvelist
added 2023/07/28 11:26 p.m. · 42 views

CVE-2022-4915

Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

AI score 6.8 · EPSS 0.0048
Exploits 1 · References 4

CVE
added 2023/07/28 11:26 p.m. · 115 views

CVE-2022-4915

CVE-2022-4915 is a Chrome/Chromium URL formatting vulnerability: an improper URL handling in Chrome prior to 103.0.5060.134 allowed a remote attacker to spoof domains via a crafted HTML page. Documents consistently reference Google Chrome/Chromium and a domain-spoofing impact; desktop Chrome vers...

CVSS 6.5 · AI score 6.4 · EPSS 0.0048
Exploits 1 · References 4 · Affected Software 1

Debian CVE
added 2023/07/28 11:26 p.m. · 31 views

CVE-2022-4915

Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.5 · AI score 5.8 · EPSS 0.0048
Exploits 1

OSV
added 2023/07/17 7:52 a.m. · 4 views

SUSE-SU-2023:2850-1 Security update for MozillaFirefox, MozillaFirefox-branding-SLE

This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: Changes in MozillaFirefox and MozillaFirefox-branding-SLE: This update provides Firefox Extended Support Release 115.0 ESR New: - Required fields are now highlighted in PDF forms. - Improved performance on...

CVSS 8.8 · AI score 8.6 · EPSS 0.00696
Exploits 1 · References 16

Veracode
added 2023/07/14 6:48 a.m. · 12 views

Brute Force Token Secrets

superfly/tokenizer is vulnerable to brute-forcing of token secrets. The vulnerability is due to not restricting formatting in the fmt parameter to simple formatting and allowing fmt/dst parameters to be specified at request time, leading to an attacker brute forcing secret values using...

AI score 6.7
Exploits 0

Cvelist
added 2023/07/06 7:16 p.m. · 19 views

CVE-2023-36462 Mastodon's verified profile links can be formatted in a misleading way

Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 2.6.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker can craft a verified profile link using specific formatting to conceal arbitrary parts of the link, enabling it to appear to link to a...

CVSS 5.4 · AI score 5.7 · EPSS 0.00527
Exploits 0 · References 5

Positive Technologies
added 2023/07/06 12:00 a.m. · 4 views

PT-2023-5146 · Milesight · Milesight Ur32L

Name of the Vulnerable Software and Affected Versions: Milesight UR32L version 32.3.0.5 Description: The issue is caused by a buffer overflow vulnerability in the firewall handler set function of the Milesight UR32L router's firmware. This vulnerability can be exploited by a remote attacker to...

CVSS 9 · AI score 7.4 · EPSS 0.01318
Exploits 1 · References 6

BDU FSTEC
added 2023/06/25 12:00 a.m. · 8 views

The vulnerability of the formatting function of the SQL parser for Python, Sqlparse, allows a hacker to cause a service failure.

The vulnerability of the formatting function of the SQL parser for Python Sqlparse is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability allows an attacker to cause service failures remotely...

CVSS 7.8 · AI score 6.7 · EPSS 0.0098
Exploits 0 · References 16 · Affected Software 5

CNVD
added 2023/06/08 12:00 a.m. · 2 views

Triangle MicroWorks SCADA Data Gateway Formatting String Error Vulnerability

Triangle MicroWorks SCADA Data Gateway is a SCADA data gateway product from Triangle MicroWorks, Inc. A formatting string error vulnerability exists in Triangle MicroWorks SCADA Data Gateway, which can be exploited by an attacker to execute arbitrary code and gain host privileges...

CVSS 9.8 · AI score 9.6 · EPSS 0.00706
Exploits 0 · References 1

CNNVD
added 2023/05/23 12:00 a.m. · 3 views

EyouCMS Cross-Site Request Forgery Vulnerability

Zanzan Network Technology EyouCms Eyou CMS is an open source content management system CMS based on ThinkPHP by China Zanzan Network Technology. A security vulnerability exists in EyouCMS v1.6.2, which originated from allowing an attacker to execute arbitrary commands by uploading a carefully...

CVSS 4.3 · AI score 5.5 · EPSS 0.00265
Exploits 1 · References 2

CNNVD
added 2023/05/01 12:00 a.m. · 5 views

Zyxel NBG-418N v2 Format String Error Vulnerability

The Zyxel NBG-418N v2 is a wireless router from China Hopkins Zyxel. A security vulnerability exists in the Zyxel NBG-418N v2 firmware versions prior to V1.00. A remote attacker could exploit this vulnerability to cause a denial of service DoS condition on the affected device...

CVSS 6.5 · AI score 6.6 · EPSS 0.00788
Exploits 0 · References 2

Fedora
added 2023/04/26 1:44 a.m. · 20 views

[SECURITY] Fedora 37 Update: lilypond-2.24.1-1.fc37

LilyPond is an automated music engraving system. It formats music beautifully and automatically, and has a friendly syntax for its input files...

CVSS 8.6 · AI score 8.5 · EPSS 0.00414
Exploits 1

CNNVD
added 2023/04/25 12:00 a.m. · 3 views

Git for Windows Format String Error Vulnerability

Git for Windows is Git's Git for Windows. A formatting string error vulnerability exists in Git for Windows version 2.40.0 and prior versions, which stems from the use of hard-coded paths to find localized messages...

CVSS 3.3 · AI score 6.9 · EPSS 0.01055
Exploits 0 · References 22

Github Security Blog
added 2023/04/24 9:30 a.m. · 40 views

Cross-site Scripting in Backdrop CMS

A stored Cross-site scripting XSS issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type e.g., page, post, or card as an admin, the stored XSS payload is execute...

CVSS 4.8 · AI score 4.8 · EPSS 0.00536
Exploits 1 · References 4 · Affected Software 1

ATTACKERKB
added 2023/04/24 8:15 a.m. · 3 views

CVE-2023-31045

A stored Cross-site scripting XSS issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type e.g., page, post, or card as an admin, the stored XSS payload is execute...

CVSS 4.8 · AI score 6.1 · EPSS 0.00536
Exploits 1 · References 3